{"data":{"id":"277f49e3-4eee-476a-8f38-45861eae343a","title":"CVE-2026-31223: The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler","summary":"The snorkel library (a machine learning tool for data labeling) versions up to 0.10.0 has a critical vulnerability in its BaseLabeler.load() method, which uses pickle.load() (a Python function that converts saved data back into usable objects) on user files without checking if they're safe. An attacker can create a malicious file that executes harmful code on a victim's computer when the file is loaded.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31223","publishedAt":"2026-05-12T16:16:14.223Z","cveId":"CVE-2026-31223","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Snorkel"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T16:16:14.223Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}